Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix CSP for disqus and Google Analytics | Sheogorath | 2018-03-30 | 1 | -1/+2 |
| | | | | | | | | | | | | | This commit should fix existing problems with Disqus and Google Analytics enabled in the meta-yaml section of a note. Before this commit they were blocked by the strict CSP. It's still possible to disable the added directives using `addDisqus` and `addGoogleAnalytics` in the `csp` config section. They are enabled by default to prevent breaking changes. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Change config to camel case with backwards compatibility | Sheogorath | 2018-03-25 | 1 | -44/+44 |
| | | | | | | | | This refactors the configs a bit to now use camel case everywhere. This change should help to clean up the config interface and make it better understandable. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Remove and replace all note id compression in LZString with base64url | Max Wu | 2018-02-26 | 1 | -6/+5 |
| | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
* | Fix to show 500 message when got error in parseNoteId | Max Wu | 2018-02-17 | 1 | -1/+2 |
| | | | | Signed-off-by: Max Wu <jackymaxj@gmail.com> | ||||
* | Fix ldap provider name in template | Sheogorath | 2018-01-26 | 1 | -0/+2 |
| | | | | | | | | Before this fix it's impossible to set the provider name in the sign-model since `ldap` is a boolean there and this way not able to have an attribute like `ldap.providerName`. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> | ||||
* | Merge pull request #598 from xxyy/feature/csp | Christoph (Sheogorath) Kern | 2018-01-22 | 1 | -1/+2 |
|\ | | | | | Implement basic CSP support | ||||
| * | CSP: Add nonce to slide view inline JS | Literallie | 2017-10-22 | 1 | -1/+2 |
| | | |||||
* | | Merge pull request #673 from fooker/master | Christoph (Sheogorath) Kern | 2018-01-20 | 1 | -1/+2 |
|\ \ | | | | | | | Allow posting new note with content | ||||
| * | | Allow posting new note with content | Dustin Frisch | 2018-01-18 | 1 | -1/+2 |
| | | | | | | | | | | | | Signed-off-by: Dustin Frisch <fooker@lab.sh> | ||||
* | | | Add option to enable `freely` permission in closed instance | Dario Ernst | 2018-01-20 | 1 | -0/+2 |
|/ / | | | | | | | | | | | | | | | Before, closed disallowed guest edits completely, by removing the `freely` permission. This makes it possible to explicitely bring back guest-editing, but not guest-note-creation, to closed instances. Signed-off-by: Dario Ernst <dario@kanojo.de> | ||||
* | | Fix file permission, remove useless executable | Peter Dave Hello | 2017-12-14 | 1 | -0/+0 |
| | | |||||
* | | Initial support for SAML authentication | Norihito Nakae | 2017-11-28 | 1 | -0/+2 |
| | | |||||
* | | Fix mattermost breaking notes | Sheogorath | 2017-10-31 | 1 | -0/+1 |
| | | |||||
* | | Add mattermost authentication | Christoph Witzany | 2017-10-31 | 1 | -0/+1 |
| | | |||||
* | | Adds 403 response if PDF export is disabled | geekyd | 2017-10-25 | 1 | -1/+6 |
| | | |||||
* | | Adds PDF export via config | geekyd | 2017-10-25 | 1 | -1/+3 |
|/ | |||||
* | Fix slide might not provide slideOptions meta | Wu Cheng-Han | 2017-06-05 | 1 | -1/+1 |
| | |||||
* | check if reveal theme exists | butlerx | 2017-06-01 | 1 | -1/+2 |
| | |||||
* | add the ability to set slide theme in slide options | butlerx | 2017-05-31 | 1 | -0/+1 |
| | |||||
* | refactor(config.js): Extract config file | BoHong Li | 2017-05-08 | 1 | -16/+16 |
| | | | | | * Separate different config source to each files * Freeze config object | ||||
* | refactor: Remove `require` extension filename | BoHong Li | 2017-05-08 | 1 | -2/+2 |
| | |||||
* | Use strict mode in all backend files | BoHong Li | 2017-03-14 | 1 | -0/+1 |
| | | | | add ‘use strict’ in all backend file | ||||
* | Use JavaScript Standard Style | BoHong Li | 2017-03-08 | 1 | -547/+539 |
| | | | | | Introduce JavaScript Standard Style as project style rule, and fixed all fail on backend code. | ||||
* | Refactor checkViewPermission to fix limited & protected permission check bug ↵ | Wu Cheng-Han | 2017-01-16 | 1 | -3/+3 |
| | | | | and fix code style | ||||
* | Fix missing config in hackmd response | Wu Cheng-Han | 2017-01-16 | 1 | -1/+2 |
| | |||||
* | Add `allowemailregister` option | Sheogorath | 2017-01-12 | 1 | -0/+1 |
| | |||||
* | Merge pull request #313 from elct9620/feature/disable_anonymous_view | Max Wu | 2017-01-10 | 1 | -2/+7 |
|\ | | | | | WIP: Add options to limit anonymous view note | ||||
| * | Add limited and protected permission | 蒼時弦也 | 2017-01-10 | 1 | -2/+7 |
| | | |||||
| * | Recovery tariling spaces | 蒼時弦也 | 2017-01-10 | 1 | -2/+2 |
| | | |||||
| * | Remove temporary change | 蒼時弦也 | 2017-01-10 | 1 | -3/+0 |
| | | |||||
| * | Fix anonymouse view permission check | 蒼時弦也 | 2017-01-05 | 1 | -1/+4 |
| | | |||||
| * | Add limit for constrain anonymous view note | 蒼時弦也 | 2017-01-05 | 1 | -3/+3 |
| | | |||||
* | | Merge pull request #279 from alecdwm/ldap-auth | Max Wu | 2017-01-09 | 1 | -0/+2 |
|\ \ | |/ |/| | Support for LDAP server authentication | ||||
| * | Initial support for LDAP server authentication | alecdwm | 2016-12-13 | 1 | -0/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Limitations as of this commit: - tlsOptions can only be specified in config.json, not as env vars - authentication failures are not yet gracefully handled by the UI - instead the error message is shown on a blank page (/auth/ldap) - no email address is associated with the LDAP user's account - no picture/profile URL is associated with the LDAP user's account - we might have to generate our own access + refresh tokens, because we aren't using oauth. The currently generated tokens are just a placeholder. - 'LDAP Sign in' needs to be translated to each locale | ||||
* | | Fix and refactor extracting content using metaMarked directly might lead in ↵ | Wu Cheng-Han | 2017-01-04 | 1 | -45/+14 |
| | | | | | | | | invalid object | ||||
* | | Fix yaml metadata description not able to show | Wu Cheng-Han | 2017-01-02 | 1 | -3/+3 |
| | | |||||
* | | Remove LZString compression for data storage | Wu Cheng-Han | 2017-01-02 | 1 | -7/+7 |
| | | |||||
* | | Fixed typo: anonmyous | Florian Rhiem | 2016-12-21 | 1 | -3/+3 |
| | | |||||
* | | Add support of allow free url config option with correspond modifications | Wu Cheng-Han | 2016-12-16 | 1 | -2/+9 |
| | | |||||
* | | Add support of allow anonymous config option with correspond modifications | Wu Cheng-Han | 2016-12-15 | 1 | -0/+4 |
|/ | |||||
* | Update to support optional email register and signin | Wu Cheng-Han | 2016-12-02 | 1 | -6/+10 |
| | |||||
* | Update to auto generate meta description based on content in publish note ↵ | Wu Cheng-Han | 2016-11-26 | 1 | -7/+14 |
| | | | | and slide | ||||
* | Fix possible XSS in yaml-metadata and turn using ejs escape syntax than ↵ | Wu Cheng-Han | 2016-11-26 | 1 | -5/+2 |
| | | | | external lib [Security Issue] | ||||
* | Fix slide might trigger script when processing markdown which cause XSS ↵ | Wu Cheng-Han | 2016-11-26 | 1 | -11/+1 |
| | | | | [Security Issue] | ||||
* | Update to improve history api error and bad request handling | Wu Cheng-Han | 2016-10-10 | 1 | -0/+3 |
| | |||||
* | Update to allow CORS as API on revision actions | Wu Cheng-Han | 2016-10-10 | 1 | -0/+14 |
| | |||||
* | Update to support showing owner on the infobar | Wu Cheng-Han | 2016-10-10 | 1 | -0/+6 |
| | |||||
* | Update to prevent caching and crawling status | Wu Cheng-Han | 2016-09-18 | 1 | -1/+1 |
| | |||||
* | Update to use proper way to render view and fix upload image error should ↵ | Wu Cheng-Han | 2016-08-19 | 1 | -74/+19 |
| | | | | response with code | ||||
* | Add info api for note | Wu Cheng-Han | 2016-08-19 | 1 | -0/+32 |
| |